From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <root@dev.dominic.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 1CBB565C0B
 for <pve-devel@lists.proxmox.com>; Fri, 24 Jul 2020 10:54:36 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 0E6028644
 for <pve-devel@lists.proxmox.com>; Fri, 24 Jul 2020 10:54:36 +0200 (CEST)
Received: from dev.dominic.proxmox.com (212-186-127-178.static.upcbusiness.at
 [212.186.127.178])
 by firstgate.proxmox.com (Proxmox) with ESMTP id CA1B88622
 for <pve-devel@lists.proxmox.com>; Fri, 24 Jul 2020 10:54:34 +0200 (CEST)
Received: by dev.dominic.proxmox.com (Postfix, from userid 0)
 id A503C21228; Fri, 24 Jul 2020 10:54:34 +0200 (CEST)
From: =?UTF-8?q?Dominic=20J=C3=A4ger?= <d.jaeger@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Fri, 24 Jul 2020 10:54:25 +0200
Message-Id: <20200724085425.22554-1-d.jaeger@proxmox.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  1
 AWL 0.023 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 KHOP_HELO_FCRDNS        0.001 Relay HELO differs from its IP's reverse DNS
 NO_DNS_FOR_FROM         0.379 Envelope sender has no MX or A DNS records
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
Subject: [pve-devel] [PATCH manager v3] ui: fw: Close #2815: Add warning if
 fw is disabled
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2020 08:54:36 -0000

Currently people add firewall rules but forget to activate the firewall on
guest level. This commit adds a warning to the top bar of the firewall panel to
make them aware of this if necessary.

The existence of a rule alone should not yet trigger the warning. It is shown
only if a rule is enabled but the whole firewall for that level is not.

Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
---
v2->v3:
    - rebased
    - squashed both commits to make review easier
    - one whitespace error

 www/manager6/grid/FirewallRules.js | 43 ++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

diff --git a/www/manager6/grid/FirewallRules.js b/www/manager6/grid/FirewallRules.js
index ec2d1c84..9a9dd286 100644
--- a/www/manager6/grid/FirewallRules.js
+++ b/www/manager6/grid/FirewallRules.js
@@ -483,8 +483,26 @@ Ext.define('PVE.FirewallRules', {
 	    throw "no list_refs_url specified";
 	}
 
+	let checkWarning = function () {
+	    Proxmox.Utils.API2Request({
+		url: me.base_url.replace('rules', 'options'),
+		method: 'GET',
+		failure: function (response) {
+		    Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+		},
+		success: function (response) {
+		    let warningRequired = !response.result.data.enable
+			&& me.store.findExact('enable', true) >= 0;
+		    me.down('displayfield[name=fw-warning]').setVisible(warningRequired)
+		},
+	    });
+	};
+
 	var store = Ext.create('Ext.data.Store',{
-	    model: 'pve-fw-rule'
+	    model: 'pve-fw-rule',
+	    listeners: {
+		    'load': checkWarning,
+	    },
 	});
 
 	var reload = function() {
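Review bot: The options URL is built with `me.base_url.replace('rules', 'options')`, which rewrites the first occurrence of `rules` anywhere in the path and leaves the URL unchanged when there is none, so the check can end up querying the wrong endpoint. Anchoring it, e.g. `url: me.base_url.replace(/\/rules$/, '/options'),`, and skipping the request when the result equals `me.base_url` keeps the warning tied to the intended level. In the success handler, `!response.result.data.enable` treats an absent `enable` key as disabled; if the endpoint omits unset options and some level defaults to enabled (not visible here), the warning would appear while the firewall is on. The failure path leaves the field in its previous state and raises an alert on every store load, which deserves a comment such as `// options not readable: warning state unknown`. The enclosing function starts and ends outside the hunk.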
@@ -606,12 +624,33 @@ Ext.define('PVE.FirewallRules', {
 	    }
 	});
 
+	let getLevel = (id) => {
+	    let invalid = 'this';
+	    let level = /root/.test(id) ? 'datacenter'
+		: /node/.test(id) ? 'node'
+		: /qemu/.test(id) ? 'VM'
+		: /lxc/.test(id) ? 'container'
+		: invalid;
+	    if (level === invalid) { console.warn(`Finding level failed for ${id}`)};
+	    return level;
+	};
+	me.warningField = Ext.create('Ext.form.field.Display',{
+	    xtype: 'displayfield',
+	    userCls: 'pmx-hint',
+	    name: 'fw-warning',
+	    margin: 'auto 0 0 0', // Avoid field randomly sticking at top
+	    value: gettext(`Warning: Firewall still disabled at `
+		+ `${getLevel(me.pveSelNode.id)} level! `
+		+ `This can be changed in Firewall->Options.`),
+	    hidden: true,
+	});
+
 	var tbar = me.tbar_prefix ? [ me.tbar_prefix ] : [];
 	tbar.push(me.addBtn, me.copyBtn);
 	if (me.groupBtn) {
 	    tbar.push(me.groupBtn);
 	}
-	tbar.push(me.removeBtn, me.editBtn);
+	tbar.push(me.removeBtn, me.editBtn, me.warningField);
 
 	var render_errors = function(name, value, metaData, record) {
 	    var errors = record.data.errors;
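Review bot: `getLevel` runs unanchored tests (`/root/`, `/node/`, `/qemu/`, `/lxc/`) against the tree node id, so an id that merely contains one of those words, such as a host name containing `root`, is reported as the wrong level in a security warning. Assuming ids have the form `root`, `node/<name>`, `qemu/<vmid>` and `lxc/<vmid>`, anchored patterns like `/^root$/.test(id)` and `/^node\//.test(id)` avoid that. `me.pveSelNode.id` is dereferenced unconditionally when the field is created; if this grid is ever instantiated without `pveSelNode`, construction throws, so a guard such as `me.pveSelNode ? me.pveSelNode.id : ''` would be safer. The message is also interpolated before `gettext()` sees it, so the lookup key cannot match a catalog entry; `Ext.String.format(gettext('Warning: Firewall still disabled at {0} level! This can be changed in Firewall->Options.'), level)` keeps it translatable. The enclosing function starts and ends outside the hunk.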
-- 
2.20.1